IOC Radar
DomainMediumSignal 68/100

main-connection.click

Location
United StatesUnited States
First Seen
Mar 14, 2025
Last Seen
May 12, 2026
Mar 14
First Seen
469d ago
May 12
Last Seen
45d ago
9
Reports
source reports
68%
Confidence
medium
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
68%
Signal Score
68 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

21 techniques

Feed Intelligence Summary

9 reports68% confidence
9
Source reports
68%
Confidence score
Category tags
active scanaptattackbotnetbotnet activitybrute forcec2command & controlcommand and controlcredential stuffingcredential theftdata exfiltrationdata store exposuredistributed attacksexploitation activityfake recaptchaidentity & access exploitationindicatorinformation gatheringinfostealerinjection activitymalicious activitymalicious softwaremalwarenetworknorth americaphishingprocess injectionrecaptcharedline stealerresearchedscams & fraudsocial engineeringstealert1003t1005t1055t1059.005t1071.001t1071.004t1078t1081t1083t1113t1115t1189t1486t1496t1499.002t1499.003t1555t1555.003t1565t1566t1566.001threat actortor nodeunited states

Activity Timeline

1 total obs
May 12May 12

Threat Activity Heatmap

· Peak: 2026-05-12
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Intelligence SummaryAI Generated

The domain **main-connection.click**, originating from the United States, has been identified as a significant indicator of compromise (IOC) associated with multiple cyber threats. First observed on March

Threat ScoreMedium Risk
68
SIGNAL
Signal Score
68%
Confidence
9
Reports
First seenMar 14, 2025
Last seenMay 12, 2026

VirusTotal

Not checked

WHOIS

description
IoCs found on recent fake ReCaptcha. Files detected in relation to RedLine Stealer malware family.
domain rank
-1
raw
Administrative city: REDACTED FOR PRIVACY Administrative country: REDACTED FOR PRIVACY Administrative state: REDACTED FOR PRIVACY Billing city: REDACTED FOR PRIVACY Billing country: REDACTED FOR PRIVACY Billing state: REDACTED FOR PRIVACY Create date: 2025-03-06 00:00:00 Domain name: main-connection.click Domain registrar id: 1479 Domain registrar url: www.namesilo.com Expiry date: 2026-03-06 00:00:00 Name server 1: lila.ns.cloudflare.com Name server 2: dylan.ns.cloudflare.com Query time: 2025-03-07 11:42:11 Registrant city: 1f8f4166599d23ee Registrant company: 566bb814321610e4 Registrant country: United States Registrant email: 29e2c061f3c9524es@ Registrant fax: 31d1617d95c9a75c Registrant name: 1f8f4166599d23ee Registrant phone: 31d1617d95c9a75c Registrant state: e1c7c1911395a3cf Registrant zip: 1f8f4166599d23ee Technical city: REDACTED FOR PRIVACY Technical country: REDACTED FOR PRIVACY Technical state: REDACTED FOR PRIVACY Update date: 2025-03-06 00:00:00
references
https://threatfox.abuse.ch/export/csv/recent/
subdomains count
0

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 9 threat reports